1. Technical Field
The present invention relates to electronic transactions and, more particularly, to a system and method for conducting dual-authenticated electronic transactions without the use of a point of sale device.
2. Description of the Related Art
Consumers have become accustomed to conducting electronic transactions using networks such as the Internet. The popularity of electronic transactions has grown such that many consumers purchase more items electronically than in physical store locations. As the popularity of electronic transactions continues to grow, so too has electronic thefts. Hackers have developed numerous techniques to gain access to user account information. Once the account information is obtained, the hacker is able to conduct electronic transactions and charge the costs to the user account.
Various techniques have been developed in an attempt to prevent such theft by hackers. According to at least one conventional technique, users conduct transactions using the encryption provisions of a selected web browser (e.g., Internet Explorer, Firefox, Netscape, etc.). While offering a certain level of security, such techniques are susceptible to flaws in the browser and operating system themselves. These techniques also do not prevent hackers from implanting Trojans, or other malicious programs, in a user's computer to access security information stored on the computer or to intercept such information during electronic transactions.
Dual-factor authentication techniques have been utilized in order to improve security of electronic transactions. A first factor can correspond to something unique or available to a user, such as an automated teller machine (ATM) card, smartcard, etc. The second factor can correspond to something known to, or associated with, the user such as a personal identification number (PIN), fingerprint, retina pattern, etc.
For example, one current methodology attaches a peripheral PIN entry device (PED) using a data connection, such as a USB connection, to a device (e.g., computer, mobile phone, PDA, etc.) capable of accessing a network such as the internet. The PED is used to read information from a magnetic strip of the ATM card using the conventional “swiping” technique. Next, the PIN is entered into the PED, where it is further encrypted by the PED together with information read form the swiped card. The PED subsequently transmits the encrypted information across the network to a location where the transaction will be processed.
While this technique can greatly increase the level of security due to added authentication, it is necessary to incorporate additional hardware such as the PED. The additional costs and complications can often act as a deterrent to conventional users seeking additional security for personal transactions.
Accordingly, there exists a need for increasing the level of security associated electronic transactions.
There also exists a need for conducting dual-authenticated personal transactions without complicated hardware.